diff --git a/third_party/code.google.com/p/goauth2/.hgtags b/third_party/code.google.com/p/goauth2/.hgtags deleted file mode 100644 index a6df8480b..000000000 --- a/third_party/code.google.com/p/goauth2/.hgtags +++ /dev/null @@ -1,2 +0,0 @@ -379476c9e05c5275356e0a82ca079e61869e9192 release -4ee7c273e92e663ef8dc0c476d395350a586ad75 weekly diff --git a/third_party/code.google.com/p/goauth2/AUTHORS b/third_party/code.google.com/p/goauth2/AUTHORS deleted file mode 100644 index 5ad2b5812..000000000 --- a/third_party/code.google.com/p/goauth2/AUTHORS +++ /dev/null @@ -1,11 +0,0 @@ -# This is the official list of goauth2 authors for copyright purposes. -# This file is distinct from the CONTRIBUTORS files. -# See the latter for an explanation. - -# Names should be added to this file as -# Name or Organization -# The email address is not required for organizations. - -# Please keep the list sorted. - -Google Inc. diff --git a/third_party/code.google.com/p/goauth2/CONTRIBUTORS b/third_party/code.google.com/p/goauth2/CONTRIBUTORS deleted file mode 100644 index 2de444d4c..000000000 --- a/third_party/code.google.com/p/goauth2/CONTRIBUTORS +++ /dev/null @@ -1,37 +0,0 @@ -# This is the official list of people who can contribute -# (and typically have contributed) code to the goauth2 repository. -# The AUTHORS file lists the copyright holders; this file -# lists people. For example, Google employees are listed here -# but not in AUTHORS, because Google holds the copyright. -# -# The submission process automatically checks to make sure -# that people submitting code are listed in this file (by email address). -# -# Names should be added to this file only after verifying that -# the individual or the individual's organization has agreed to -# the appropriate Contributor License Agreement, found here: -# -# http://code.google.com/legal/individual-cla-v1.0.html -# http://code.google.com/legal/corporate-cla-v1.0.html -# -# The agreement for individuals can be filled out on the web. -# -# When adding J Random Contributor's name to this file, -# either J's name or J's organization's name should be -# added to the AUTHORS file, depending on whether the -# individual or corporate CLA was used. - -# Names should be added to this file like so: -# Name -# -# An entry with two email addresses specifies that the -# first address should be used in the submit logs and -# that the second address should be recognized as the -# same person when interacting with Rietveld. - -# Please keep the list sorted. - -Andrew Gerrand -Brad Fitzpatrick -Mark-Antoine Ruel -Manu Garg diff --git a/third_party/code.google.com/p/goauth2/LICENSE b/third_party/code.google.com/p/goauth2/LICENSE deleted file mode 100644 index 6765f090b..000000000 --- a/third_party/code.google.com/p/goauth2/LICENSE +++ /dev/null @@ -1,27 +0,0 @@ -Copyright (c) 2009 The goauth2 Authors. All rights reserved. - -Redistribution and use in source and binary forms, with or without -modification, are permitted provided that the following conditions are -met: - - * Redistributions of source code must retain the above copyright -notice, this list of conditions and the following disclaimer. - * Redistributions in binary form must reproduce the above -copyright notice, this list of conditions and the following disclaimer -in the documentation and/or other materials provided with the -distribution. - * Neither the name of Google Inc. nor the names of its -contributors may be used to endorse or promote products derived from -this software without specific prior written permission. - -THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS -"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT -LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR -A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT -OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT -LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, -DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY -THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT -(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE -OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. diff --git a/third_party/code.google.com/p/goauth2/PATENTS b/third_party/code.google.com/p/goauth2/PATENTS deleted file mode 100644 index 9e8716353..000000000 --- a/third_party/code.google.com/p/goauth2/PATENTS +++ /dev/null @@ -1,22 +0,0 @@ -Additional IP Rights Grant (Patents) - -"This implementation" means the copyrightable works distributed by -Google as part of the goauth2 project. - -Google hereby grants to You a perpetual, worldwide, non-exclusive, -no-charge, royalty-free, irrevocable (except as stated in this section) -patent license to make, have made, use, offer to sell, sell, import, -transfer and otherwise run, modify and propagate the contents of this -implementation of Go, where such license applies only to those patent -claims, both currently owned or controlled by Google and acquired in -the future, licensable by Google that are necessarily infringed by this -implementation of Go. This grant does not include claims that would be -infringed only as a consequence of further modification of this -implementation. If you or your agent or exclusive licensee institute or -order or agree to the institution of patent litigation against any -entity (including a cross-claim or counterclaim in a lawsuit) alleging -that this implementation of Go or any code incorporated within this -implementation of Go constitutes direct or contributory patent -infringement, or inducement of patent infringement, then any patent -rights granted to you under this License for this implementation of Go -shall terminate as of the date such litigation is filed. diff --git a/third_party/code.google.com/p/goauth2/lib/codereview/codereview.cfg b/third_party/code.google.com/p/goauth2/lib/codereview/codereview.cfg deleted file mode 100644 index 93b55c0a3..000000000 --- a/third_party/code.google.com/p/goauth2/lib/codereview/codereview.cfg +++ /dev/null @@ -1 +0,0 @@ -defaultcc: golang-dev@googlegroups.com diff --git a/third_party/code.google.com/p/goauth2/oauth/oauth.go b/third_party/code.google.com/p/goauth2/oauth/oauth.go deleted file mode 100644 index 29dc8d736..000000000 --- a/third_party/code.google.com/p/goauth2/oauth/oauth.go +++ /dev/null @@ -1,461 +0,0 @@ -// Copyright 2011 The goauth2 Authors. All rights reserved. -// Use of this source code is governed by a BSD-style -// license that can be found in the LICENSE file. - -// Package oauth supports making OAuth2-authenticated HTTP requests. -// -// Example usage: -// -// // Specify your configuration. (typically as a global variable) -// var config = &oauth.Config{ -// ClientId: YOUR_CLIENT_ID, -// ClientSecret: YOUR_CLIENT_SECRET, -// Scope: "https://www.googleapis.com/auth/buzz", -// AuthURL: "https://accounts.google.com/o/oauth2/auth", -// TokenURL: "https://accounts.google.com/o/oauth2/token", -// RedirectURL: "http://you.example.org/handler", -// } -// -// // A landing page redirects to the OAuth provider to get the auth code. -// func landing(w http.ResponseWriter, r *http.Request) { -// http.Redirect(w, r, config.AuthCodeURL("foo"), http.StatusFound) -// } -// -// // The user will be redirected back to this handler, that takes the -// // "code" query parameter and Exchanges it for an access token. -// func handler(w http.ResponseWriter, r *http.Request) { -// t := &oauth.Transport{Config: config} -// t.Exchange(r.FormValue("code")) -// // The Transport now has a valid Token. Create an *http.Client -// // with which we can make authenticated API requests. -// c := t.Client() -// c.Post(...) -// // ... -// // btw, r.FormValue("state") == "foo" -// } -// -package oauth - -import ( - "encoding/json" - "errors" - "fmt" - "io" - "io/ioutil" - "mime" - "net/http" - "net/url" - "os" - "strconv" - "strings" - "sync" - "time" -) - -// OAuthError is the error type returned by many operations. -// -// In retrospect it should not exist. Don't depend on it. -type OAuthError struct { - prefix string - msg string -} - -func (oe OAuthError) Error() string { - return "OAuthError: " + oe.prefix + ": " + oe.msg -} - -// Cache specifies the methods that implement a Token cache. -type Cache interface { - Token() (*Token, error) - PutToken(*Token) error -} - -// CacheFile implements Cache. Its value is the name of the file in which -// the Token is stored in JSON format. -type CacheFile string - -func (f CacheFile) Token() (*Token, error) { - file, err := os.Open(string(f)) - if err != nil { - return nil, OAuthError{"CacheFile.Token", err.Error()} - } - defer file.Close() - tok := &Token{} - if err := json.NewDecoder(file).Decode(tok); err != nil { - return nil, OAuthError{"CacheFile.Token", err.Error()} - } - return tok, nil -} - -func (f CacheFile) PutToken(tok *Token) error { - file, err := os.OpenFile(string(f), os.O_RDWR|os.O_CREATE|os.O_TRUNC, 0600) - if err != nil { - return OAuthError{"CacheFile.PutToken", err.Error()} - } - if err := json.NewEncoder(file).Encode(tok); err != nil { - file.Close() - return OAuthError{"CacheFile.PutToken", err.Error()} - } - if err := file.Close(); err != nil { - return OAuthError{"CacheFile.PutToken", err.Error()} - } - return nil -} - -// Config is the configuration of an OAuth consumer. -type Config struct { - // ClientId is the OAuth client identifier used when communicating with - // the configured OAuth provider. - ClientId string - - // ClientSecret is the OAuth client secret used when communicating with - // the configured OAuth provider. - ClientSecret string - - // Scope identifies the level of access being requested. Multiple scope - // values should be provided as a space-delimited string. - Scope string - - // AuthURL is the URL the user will be directed to in order to grant - // access. - AuthURL string - - // TokenURL is the URL used to retrieve OAuth tokens. - TokenURL string - - // RedirectURL is the URL to which the user will be returned after - // granting (or denying) access. - RedirectURL string - - // TokenCache allows tokens to be cached for subsequent requests. - TokenCache Cache - - // AccessType is an OAuth extension that gets sent as the - // "access_type" field in the URL from AuthCodeURL. - // See https://developers.google.com/accounts/docs/OAuth2WebServer. - // It may be "online" (the default) or "offline". - // If your application needs to refresh access tokens when the - // user is not present at the browser, then use offline. This - // will result in your application obtaining a refresh token - // the first time your application exchanges an authorization - // code for a user. - AccessType string - - // ApprovalPrompt indicates whether the user should be - // re-prompted for consent. If set to "auto" (default) the - // user will be prompted only if they haven't previously - // granted consent and the code can only be exchanged for an - // access token. - // If set to "force" the user will always be prompted, and the - // code can be exchanged for a refresh token. - ApprovalPrompt string -} - -// Token contains an end-user's tokens. -// This is the data you must store to persist authentication. -type Token struct { - AccessToken string - RefreshToken string - Expiry time.Time // If zero the token has no (known) expiry time. - - // Extra optionally contains extra metadata from the server - // when updating a token. The only current key that may be - // populated is "id_token". It may be nil and will be - // initialized as needed. - Extra map[string]string -} - -// Expired reports whether the token has expired or is invalid. -func (t *Token) Expired() bool { - if t.AccessToken == "" { - return true - } - if t.Expiry.IsZero() { - return false - } - return t.Expiry.Before(time.Now()) -} - -// Transport implements http.RoundTripper. When configured with a valid -// Config and Token it can be used to make authenticated HTTP requests. -// -// t := &oauth.Transport{config} -// t.Exchange(code) -// // t now contains a valid Token -// r, _, err := t.Client().Get("http://example.org/url/requiring/auth") -// -// It will automatically refresh the Token if it can, -// updating the supplied Token in place. -type Transport struct { - *Config - *Token - - // mu guards modifying the token. - mu sync.Mutex - - // Transport is the HTTP transport to use when making requests. - // It will default to http.DefaultTransport if nil. - // (It should never be an oauth.Transport.) - Transport http.RoundTripper -} - -// Client returns an *http.Client that makes OAuth-authenticated requests. -func (t *Transport) Client() *http.Client { - return &http.Client{Transport: t} -} - -func (t *Transport) transport() http.RoundTripper { - if t.Transport != nil { - return t.Transport - } - return http.DefaultTransport -} - -// AuthCodeURL returns a URL that the end-user should be redirected to, -// so that they may obtain an authorization code. -func (c *Config) AuthCodeURL(state string) string { - url_, err := url.Parse(c.AuthURL) - if err != nil { - panic("AuthURL malformed: " + err.Error()) - } - q := url.Values{ - "response_type": {"code"}, - "client_id": {c.ClientId}, - "redirect_uri": {c.RedirectURL}, - "scope": {c.Scope}, - "state": {state}, - "access_type": {c.AccessType}, - "approval_prompt": {c.ApprovalPrompt}, - }.Encode() - if url_.RawQuery == "" { - url_.RawQuery = q - } else { - url_.RawQuery += "&" + q - } - return url_.String() -} - -// Exchange takes a code and gets access Token from the remote server. -func (t *Transport) Exchange(code string) (*Token, error) { - if t.Config == nil { - return nil, OAuthError{"Exchange", "no Config supplied"} - } - - // If the transport or the cache already has a token, it is - // passed to `updateToken` to preserve existing refresh token. - tok := t.Token - if tok == nil && t.TokenCache != nil { - tok, _ = t.TokenCache.Token() - } - if tok == nil { - tok = new(Token) - } - err := t.updateToken(tok, url.Values{ - "grant_type": {"authorization_code"}, - "redirect_uri": {t.RedirectURL}, - "scope": {t.Scope}, - "code": {code}, - }) - if err != nil { - return nil, err - } - t.Token = tok - if t.TokenCache != nil { - return tok, t.TokenCache.PutToken(tok) - } - return tok, nil -} - -// RoundTrip executes a single HTTP transaction using the Transport's -// Token as authorization headers. -// -// This method will attempt to renew the Token if it has expired and may return -// an error related to that Token renewal before attempting the client request. -// If the Token cannot be renewed a non-nil os.Error value will be returned. -// If the Token is invalid callers should expect HTTP-level errors, -// as indicated by the Response's StatusCode. -func (t *Transport) RoundTrip(req *http.Request) (*http.Response, error) { - accessToken, err := t.getAccessToken() - if err != nil { - return nil, err - } - // To set the Authorization header, we must make a copy of the Request - // so that we don't modify the Request we were given. - // This is required by the specification of http.RoundTripper. - req = cloneRequest(req) - req.Header.Set("Authorization", "Bearer "+accessToken) - - // Make the HTTP request. - return t.transport().RoundTrip(req) -} - -func (t *Transport) getAccessToken() (string, error) { - t.mu.Lock() - defer t.mu.Unlock() - - if t.Token == nil { - if t.Config == nil { - return "", OAuthError{"RoundTrip", "no Config supplied"} - } - if t.TokenCache == nil { - return "", OAuthError{"RoundTrip", "no Token supplied"} - } - var err error - t.Token, err = t.TokenCache.Token() - if err != nil { - return "", err - } - } - - // Refresh the Token if it has expired. - if t.Expired() { - if err := t.Refresh(); err != nil { - return "", err - } - } - if t.AccessToken == "" { - return "", errors.New("no access token obtained from refresh") - } - return t.AccessToken, nil -} - -// cloneRequest returns a clone of the provided *http.Request. -// The clone is a shallow copy of the struct and its Header map. -func cloneRequest(r *http.Request) *http.Request { - // shallow copy of the struct - r2 := new(http.Request) - *r2 = *r - // deep copy of the Header - r2.Header = make(http.Header) - for k, s := range r.Header { - r2.Header[k] = s - } - return r2 -} - -// Refresh renews the Transport's AccessToken using its RefreshToken. -func (t *Transport) Refresh() error { - if t.Token == nil { - return OAuthError{"Refresh", "no existing Token"} - } - if t.RefreshToken == "" { - return OAuthError{"Refresh", "Token expired; no Refresh Token"} - } - if t.Config == nil { - return OAuthError{"Refresh", "no Config supplied"} - } - - err := t.updateToken(t.Token, url.Values{ - "grant_type": {"refresh_token"}, - "refresh_token": {t.RefreshToken}, - }) - if err != nil { - return err - } - if t.TokenCache != nil { - return t.TokenCache.PutToken(t.Token) - } - return nil -} - -// AuthenticateClient gets an access Token using the client_credentials grant -// type. -func (t *Transport) AuthenticateClient() error { - if t.Config == nil { - return OAuthError{"Exchange", "no Config supplied"} - } - if t.Token == nil { - t.Token = &Token{} - } - return t.updateToken(t.Token, url.Values{"grant_type": {"client_credentials"}}) -} - -// providerAuthHeaderWorks reports whether the OAuth2 server identified by the tokenURL -// implements the OAuth2 spec correctly -// See https://code.google.com/p/goauth2/issues/detail?id=31 for background. -// In summary: -// - Reddit only accepts client_secret in Authorization header. -// - Dropbox accepts either, but not both. -// - Google only accepts client_secret (not spec compliant?) -func providerAuthHeaderWorks(tokenURL string) bool { - if strings.HasPrefix(tokenURL, "https://accounts.google.com/") { - // Google fails to implement the OAuth2 spec fully? - return false - } - return true -} - -// updateToken mutates both tok and v. -func (t *Transport) updateToken(tok *Token, v url.Values) error { - v.Set("client_id", t.ClientId) - bustedAuth := !providerAuthHeaderWorks(t.TokenURL) - if bustedAuth { - v.Set("client_secret", t.ClientSecret) - } - client := &http.Client{Transport: t.transport()} - req, err := http.NewRequest("POST", t.TokenURL, strings.NewReader(v.Encode())) - if err != nil { - return err - } - req.Header.Set("Content-Type", "application/x-www-form-urlencoded") - if !bustedAuth { - req.SetBasicAuth(t.ClientId, t.ClientSecret) - } - r, err := client.Do(req) - if err != nil { - return err - } - defer r.Body.Close() - if r.StatusCode != 200 { - return OAuthError{"updateToken", "Unexpected HTTP status " + r.Status} - } - var b struct { - Access string `json:"access_token"` - Refresh string `json:"refresh_token"` - ExpiresIn int64 `json:"expires_in"` // seconds - Id string `json:"id_token"` - } - - body, err := ioutil.ReadAll(io.LimitReader(r.Body, 1<<20)) - if err != nil { - return err - } - - content, _, _ := mime.ParseMediaType(r.Header.Get("Content-Type")) - switch content { - case "application/x-www-form-urlencoded", "text/plain": - vals, err := url.ParseQuery(string(body)) - if err != nil { - return err - } - - b.Access = vals.Get("access_token") - b.Refresh = vals.Get("refresh_token") - b.ExpiresIn, _ = strconv.ParseInt(vals.Get("expires_in"), 10, 64) - b.Id = vals.Get("id_token") - default: - if err = json.Unmarshal(body, &b); err != nil { - return fmt.Errorf("got bad response from server: %q", body) - } - } - if b.Access == "" { - return errors.New("received empty access token from authorization server") - } - tok.AccessToken = b.Access - // Don't overwrite `RefreshToken` with an empty value - if b.Refresh != "" { - tok.RefreshToken = b.Refresh - } - if b.ExpiresIn == 0 { - tok.Expiry = time.Time{} - } else { - tok.Expiry = time.Now().Add(time.Duration(b.ExpiresIn) * time.Second) - } - if b.Id != "" { - if tok.Extra == nil { - tok.Extra = make(map[string]string) - } - tok.Extra["id_token"] = b.Id - } - return nil -} diff --git a/third_party/code.google.com/p/goauth2/oauth/oauth_test.go b/third_party/code.google.com/p/goauth2/oauth/oauth_test.go deleted file mode 100644 index 81d4992a1..000000000 --- a/third_party/code.google.com/p/goauth2/oauth/oauth_test.go +++ /dev/null @@ -1,219 +0,0 @@ -// Copyright 2011 The goauth2 Authors. All rights reserved. -// Use of this source code is governed by a BSD-style -// license that can be found in the LICENSE file. - -package oauth - -import ( - "io" - "io/ioutil" - "net/http" - "net/http/httptest" - "net/url" - "os" - "path/filepath" - "runtime" - "testing" - "time" -) - -var requests = []struct { - path, query, auth string // request - contenttype, body string // response -}{ - { - path: "/token", - query: "grant_type=authorization_code&code=c0d3&client_id=cl13nt1d", - contenttype: "application/json", - auth: "Basic Y2wxM250MWQ6czNjcjN0", - body: ` - { - "access_token":"token1", - "refresh_token":"refreshtoken1", - "id_token":"idtoken1", - "expires_in":3600 - } - `, - }, - {path: "/secure", auth: "Bearer token1", body: "first payload"}, - { - path: "/token", - query: "grant_type=refresh_token&refresh_token=refreshtoken1&client_id=cl13nt1d", - contenttype: "application/json", - auth: "Basic Y2wxM250MWQ6czNjcjN0", - body: ` - { - "access_token":"token2", - "refresh_token":"refreshtoken2", - "id_token":"idtoken2", - "expires_in":3600 - } - `, - }, - {path: "/secure", auth: "Bearer token2", body: "second payload"}, - { - path: "/token", - query: "grant_type=refresh_token&refresh_token=refreshtoken2&client_id=cl13nt1d", - contenttype: "application/x-www-form-urlencoded", - body: "access_token=token3&refresh_token=refreshtoken3&id_token=idtoken3&expires_in=3600", - auth: "Basic Y2wxM250MWQ6czNjcjN0", - }, - {path: "/secure", auth: "Bearer token3", body: "third payload"}, - { - path: "/token", - query: "grant_type=client_credentials&client_id=cl13nt1d", - contenttype: "application/json", - auth: "Basic Y2wxM250MWQ6czNjcjN0", - body: ` - { - "access_token":"token4", - "expires_in":3600 - } - `, - }, - {path: "/secure", auth: "Bearer token4", body: "fourth payload"}, -} - -func TestOAuth(t *testing.T) { - // Set up test server. - n := 0 - handler := func(w http.ResponseWriter, r *http.Request) { - if n >= len(requests) { - t.Errorf("too many requests: %d", n) - return - } - req := requests[n] - n++ - - // Check request. - if g, w := r.URL.Path, req.path; g != w { - t.Errorf("request[%d] got path %s, want %s", n, g, w) - } - want, _ := url.ParseQuery(req.query) - for k := range want { - if g, w := r.FormValue(k), want.Get(k); g != w { - t.Errorf("query[%s] = %s, want %s", k, g, w) - } - } - if g, w := r.Header.Get("Authorization"), req.auth; w != "" && g != w { - t.Errorf("Authorization: %v, want %v", g, w) - } - - // Send response. - w.Header().Set("Content-Type", req.contenttype) - io.WriteString(w, req.body) - } - server := httptest.NewServer(http.HandlerFunc(handler)) - defer server.Close() - - config := &Config{ - ClientId: "cl13nt1d", - ClientSecret: "s3cr3t", - Scope: "https://example.net/scope", - AuthURL: server.URL + "/auth", - TokenURL: server.URL + "/token", - } - - // TODO(adg): test AuthCodeURL - - transport := &Transport{Config: config} - _, err := transport.Exchange("c0d3") - if err != nil { - t.Fatalf("Exchange: %v", err) - } - checkToken(t, transport.Token, "token1", "refreshtoken1", "idtoken1") - - c := transport.Client() - resp, err := c.Get(server.URL + "/secure") - if err != nil { - t.Fatalf("Get: %v", err) - } - checkBody(t, resp, "first payload") - - // test automatic refresh - transport.Expiry = time.Now().Add(-time.Hour) - resp, err = c.Get(server.URL + "/secure") - if err != nil { - t.Fatalf("Get: %v", err) - } - checkBody(t, resp, "second payload") - checkToken(t, transport.Token, "token2", "refreshtoken2", "idtoken2") - - // refresh one more time, but get URL-encoded token instead of JSON - transport.Expiry = time.Now().Add(-time.Hour) - resp, err = c.Get(server.URL + "/secure") - if err != nil { - t.Fatalf("Get: %v", err) - } - checkBody(t, resp, "third payload") - checkToken(t, transport.Token, "token3", "refreshtoken3", "idtoken3") - - transport.Token = &Token{} - err = transport.AuthenticateClient() - if err != nil { - t.Fatalf("AuthenticateClient: %v", err) - } - checkToken(t, transport.Token, "token4", "", "") - resp, err = c.Get(server.URL + "/secure") - if err != nil { - t.Fatalf("Get: %v", err) - } - checkBody(t, resp, "fourth payload") -} - -func checkToken(t *testing.T, tok *Token, access, refresh, id string) { - if g, w := tok.AccessToken, access; g != w { - t.Errorf("AccessToken = %q, want %q", g, w) - } - if g, w := tok.RefreshToken, refresh; g != w { - t.Errorf("RefreshToken = %q, want %q", g, w) - } - if g, w := tok.Extra["id_token"], id; g != w { - t.Errorf("Extra['id_token'] = %q, want %q", g, w) - } - if tok.Expiry.IsZero() { - t.Errorf("Expiry is zero; want ~1 hour") - } else { - exp := tok.Expiry.Sub(time.Now()) - const slop = 3 * time.Second // time moving during test - if (time.Hour-slop) > exp || exp > time.Hour { - t.Errorf("Expiry = %v, want ~1 hour", exp) - } - } -} - -func checkBody(t *testing.T, r *http.Response, body string) { - b, err := ioutil.ReadAll(r.Body) - if err != nil { - t.Errorf("reading reponse body: %v, want %q", err, body) - } - if g, w := string(b), body; g != w { - t.Errorf("request body mismatch: got %q, want %q", g, w) - } -} - -func TestCachePermissions(t *testing.T) { - if runtime.GOOS == "windows" { - // Windows doesn't support file mode bits. - return - } - - td, err := ioutil.TempDir("", "oauth-test") - if err != nil { - t.Fatalf("ioutil.TempDir: %v", err) - } - defer os.RemoveAll(td) - tempFile := filepath.Join(td, "cache-file") - - cf := CacheFile(tempFile) - if err := cf.PutToken(new(Token)); err != nil { - t.Fatalf("PutToken: %v", err) - } - fi, err := os.Stat(tempFile) - if err != nil { - t.Fatalf("os.Stat: %v", err) - } - if fi.Mode()&0077 != 0 { - t.Errorf("Created cache file has mode %#o, want non-accessible to group+other", fi.Mode()) - } -}